Privacy watchdog clamps down on DVLA data sharing

Data protection watchdog the Information Commissioner's Office (ICO) has published guidelines outlining how motorists' personal data can be used by the Driver and Vehicle Licensing Agency (DVLA).

The ICO guide attempts to explain the circumstances where the DVLA is allowed to share their personal details with third parties without breaking data protection rules.

silicon.com's Full Disclosure campaign - what we are asking for...

silicon.com wants the government to review its data protection legislation and improve the reporting of information security breaches in the public and private sectors.

We are calling for greater public debate and for the government to consider legislation that would require organisations that suffer information security breaches to alert their customers if there is a chance the breach has put individuals' sensitive personal data at risk.

We want to hear your views about this campaign and the issues it raises. Make your voice heard by leaving a Reader Comment below, emailing us at editorial@silicon.com or signing the 10 Downing Street e-petition.

The DVLA can pass on an individual's personal details to a third party if there is "reasonable cause" to do so - such as the prevention or detection of crime - according to the guidance published by the ICO.

The DVLA holds a register of all vehicles licensed for use on the road, which also contains the name and address of the registered keeper of each vehicle, and the agency can pass details from this register onto a third party for a number of legitimate reasons, according to the guide.

But the DVLA does not have to ask permission from registered vehicle keepers before passing on any details to other parties.

Phil Jones, assistant commissioner at the ICO, said the DVLA passes on information from its register to third parties for a variety of legitimate reasons but the person or organisation requesting the information must always provide evidence to the DVLA to show why their request is reasonable.

The ICO Use and disclosure of vehicle information guide said: "The DVLA will consider [the third party's] reasons for wanting the information and any application which does not give a good reason will be rejected, as will any application where the DVLA believes the information would be used unfairly or irresponsibly."

Jones added in a statement: "It is an offence under the Data Protection Act to unlawfully obtain information, for example by misleading the DVLA as to why the information is required."

The DVLA was criticised last year after revealing it made £6.3m from selling access to the names and addresses of motorists to private sector companies such as bailiffs, debt collection agencies and wheel clampers. An investigation also found convicted criminals and companies that didn't actually exist had been granted access to names and addresses from the vehicle register

The government subsequently issued a new set of rules to clamp down on the DVLA because of concerns over the breadth of organisations allowed access to driver data.